Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Bug Software Apache

Tripwire for Apache 11

Long time sysadmins who are accustom to using Tripwire might find this interesting. Tripwire and Covalent have released a version of Tripwire's intrusion detection software product integreated into Apache.
This discussion has been archived. No new comments can be posted.

Tripwire for Apache

Comments Filter:
  • Long time sysadmins who are accustom to using Tripwire might find this interesting. Tripwire and Covalent have released a version of Tripwire's intrusion detection software product integreated into Apache.

    Hrmph.

  • ... But I can't see this working easily for sites like /. where you have user-inputted content that changes rapidly. How do you tell the tripwire database that the replies that are being posted are "ok" changes, but that putting a big goatsex banner on the main page isn't?

    The other thing I thought while reading it is how do you keep the "redirect" url safe? If someone hacks the main page, how do you keep the page that says "we've been hacked, we'll be right back" from also being goatsexed?

  • by Strog ( 129969 ) on Wednesday April 18, 2001 @06:37AM (#283496) Homepage Journal
    The website talks about protecting dynamic data too. They list PHP and Perl as supported.

    <grain_of_salt> I assume that it will protect the source files (.pl, .php, etc.) but still would allow you to try to alter the output if the code has a hole in it. My coding is rudimentary at best so I guess I would be a candidate for having my code exploited. The good news is that the source can't be hacked without tripwire catching it so they could continue to exploit it until I actually got the code fixed.</grain_of_salt>

    Tripwire states that it is multiplatform then goes on to list Multi-*nix. The datasheet adds NT and 2000 to the list. Aren't they proud of their Win32 product too?
  • by delibes ( 303485 ) on Wednesday April 18, 2001 @08:17AM (#283497)
    I agree sort of. For simple templated pages with no user feedback it'll work fine. But remember /. is moderated, so part of the workflow procedure could automatically calculate a new checksum for content that passes moderation.

    If it's a an Apache server module (mod_tripwire?) then potentially a redirect URL could be coded into the DSO. Makes it harder to change via a hack (not very hard though), but also harder to admin (though how often are you going to change the Tripwire redir URL huh?). Something like Tripwire for Apache would at worst add an extra layer of obfuscation. At best it could cut out a few more script kiddies.

    Hmm, just thought, this is begging to be written as a servlet 2.3 filter... 'scuse me I'll be right back...
  • You know if they really wanted an great endorsement they would get it working for slashdot, and then say, "As used by slashdot."

    While there are some pages that MAY get more hits per day, I can't think of a better geek to geek endorsement.

  • Come on folks there a plenty of products that can tell you when a file changes... and ALL of them work with Apache. For some of them check our here [tucows.com]. Geez, anything to make a buck.
  • by Anonymous Coward
    That's what Tripwire is, corporate sellout whores. Sorry to Gene and the other few cool people who work there, but the place is being run into the GROUND by a dumbass marketting department and choked out of businnes by idiot middle management.

    I highly advise anybody looking at this group to deploy on any type of production server to think again, there are many ways around tripwire.

    Even without the kernel module type hacks.

    That, and they have no clue about security.

    This from a "security" company. Sigh.

    BTW, this isn't tripwire for apache. This is software developed by covalent (not that bad a thing) but with Tripwire "branding"

    "brand"

    Pfah. Marketting BULLSHIT.

    s/branding/market wh0res/g;
  • that aol/netscape/sun/time-warner was an unlikely merger.
    ---
  • If you want your opinion to have any validity, for God's sake have the gumption to identify yourself! Also random, vague slander is worthless...try backing up your mouth with facts next time
  • by Anonymous Coward
    Facts?

    Ok, how's these?

    1) In the GUI version of tripwire, no verification is done that the tripwire executables that it blindly accepts input back from are indeed the actual tripwire executables. It is very easy to replace Tripwire with a shell script that responds "All Clear!" and the GUI will never know the difference.

    2) As printing the configuration file and policy file do not require passphrases, it is trivial after 0wning the box to get copies of the administrator's config, regenerate the site and local passphrases, generate a new database and update it. The admin will never know the difference until he does something that requires a passphrase.

    Why is this a problem? They sell this software under the false pretense of not needing Tripwire to be stored off-machine in order for it to be secure.

    I could go on and on..

    And no, I will not identify myself. My identity matters not, only the message.

  • Well, JP....i see you've not lost your edge.

"In my opinion, Richard Stallman wouldn't recognise terrorism if it came up and bit him on his Internet." -- Ross M. Greenberg

Working...